mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
[GH-ISSUE #3074] KDE apps causing seccomp violations (name_to_handle_at)? #1927
Labels
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/firejail#1927
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @smitsohu on GitHub (Dec 7, 2019).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3074
A while back there was a report about Qutebrowser issuing
name_to_handle_atsyscalls, which broke the app in sandboxes started with the default seccomp filter (#2302).On one system I have now many KDE apps (e.g. Gwenview, Dolphin, Baloo) that are also broken because of the blacklisted
name_to_handle_atsyscall, which seems to suggest that something in Qt changed recently.Can someone confirm this?
The affected system is Debian Buster, kernel from backports (5.3.9-2~bpo10+1 (2019-11-13))
Qt 5.11.3, KDE Frameworks 5.54.0
@Vincent43 commented on GitHub (Dec 8, 2019):
I tested with gwenview and it works normal. Except kernel they rest of system spec you listed are pretty ancient so this doesn't look like recent change in qt/kde libs.
My system spec: Arch Linux, linux 5.4.2, Qt 5.13.2, KDE Frameworks 5.64.0.
@smitsohu commented on GitHub (Dec 8, 2019):
Right! It is a Debian after all.
@FOSSONLY commented on GitHub (Dec 8, 2019):
I'm using Debian-Testing myself and so far I've noticed that Qt or anything based on Qt is treated with seemingly little priority. KDE is very sensitive about this, and doesn't run smoothly or show strange bugs when Qt isn't up to date. I don't know why this always takes forever until there are updates, or what blocks it. Everything based on GTK behaves radially differently, and enjoys very timely updates.
@smitsohu commented on GitHub (Dec 9, 2019):
Nothing relevant for the release. I caused it myself. These apps wanted access to /run/udev, which I didn't grant them, and as a result they started calling
name_to_handle_at.firejail --listshows nothing #2429